Skill v0.1.1
ClawScan security
Post To Xhs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 7:15 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are consistent with its stated purpose (posting image/text/video notes to 小红书) and it does not request unexplained credentials, installs, or persistent privileges.
- Guidance: This skill appears to do what it says: prepare and post notes to 小红书. Before installing, confirm (1) how the platform handles authentication (use the platform's xhs-login flow rather than pasting credentials into chat); (2) what filesystem access the agent will have (it needs to read absolute local media paths for uploads); (3) how WebFetch works and whether fetched URLs will be sent to third-party endpoints; and (4) that you will be shown a full preview and must confirm before posting. If any of those behaviors are unclear or you cannot control file-read permissions, treat the integration with more caution.
Review Dimensions
- Purpose & Capability (ok): The name/description (post to 小红书) matches the runtime instructions: collecting title/content/media, validating lengths/paths, previewing for user confirmation, then calling publish_content or publish_with_video. The need to read local media files and to fetch web URLs is coherent with uploading content.
- Instruction Scope (note): Instructions remain focused on publishing flows. They do instruct the agent to read local absolute file paths for video and image uploads and to use a WebFetch step for URLs. This is expected for an uploader, but you should confirm the platform's file-access behavior (what paths the agent can read) and what WebFetch endpoints it calls.
- Install Mechanism (ok): No install spec or code files are present (instruction-only). Nothing will be downloaded or written by an installer step as part of this skill.
- Credentials (ok): The skill declares no environment variables or credentials. Authentication is delegated (mentions 'xhs-login'), which is reasonable; verify that authentication is handled by a trusted platform mechanism rather than by the skill itself asking for secrets.
- Persistence & Privilege (ok): 'always' is false and there are no config paths or other signs the skill requests permanent elevated presence. It does require access to local file paths when uploading media, which is appropriate for its function but worth confirming you consent to such access.
